Who is ultimately responsible?
In the light of the Hillary Clinton email saga, will this signal a law change both in the US and over here?
As I have been managing our US sister site Channelnomics.com for the past couple of weeks while the site editor is away, I've been sucked into the story that a Colorado-based reseller has been drawn into the continuing Hillary Clinton email saga.
And a juicy one it is too.
The Americans certainly like a scandal involving politicians as much as we do. And I have learned that the American political set up is even more confusing than I found it when I did a module on it at University (many moons ago).
The focus is on the security of Clinton's private emails when she left her post as Secretary of State, and whether or not any sensitive or classified material was sent to/from this address.
Officials on opposing sides are not happy becasue the email was not a government-issue one, but a private one, managed by VAR Platte River Networks.
As far as Platte River Networks was concerned, it was just doing its job. But it has had a visit from the FBI, and Homeland Security is now demanding answers.
As the plot thickens, and it emerges the server was actually wiped clean in December 2014, many officials are asking questions why a reseller was managing and protecting an empty server, and whether it backed up the emails that were sent from the address during the time it was managing and protecting them.
But as concerns grow over the security implications of this story, talk is turning to whether new legislation will arise out of this, meaning the onus may be on the reseller to ensure any classified/sensitive data is properly secure and they will be held accountable if it is not.
In the current situation, Platte River Networks should emerge unscathed, and with far more publicity than it could ever have dreamed of paying for.
And many VARs, already have the top level of protection for their clients' data anyway, so they may not be that concerned.
But take government-level classified information, that threatens the actual security of the country as a whole into account, how confident would they all be then? Particularly if the sender has been careless about what they are sending and to whom from a non-approved email account.
Should the reseller shoulder any of the blame? Surely they cannot be expected to monitor every email sent from their customers' accounts in case they are sending sensitive or classified government data from a private email address?
Anything that happens in the US usually has repercussions for the UK, so I will be continuing to watch this story with interest, particularly the journey of Platte River Networks.